<p>Pedro Paulo Oliveira Jr, personal website: <a href="http://ppaulojr.github.io/">http://ppaulojr.github.io/</a>. Feed generated Thu, 04 Apr 2019 19:52:55 +0000 by Jekyll v3.7.4.</p>
<h1 id="securing-an-ios-app">Securing an iOS App</h1>
<p>Developing an iOS app that meets security standards such as PCI-DSS, HIPAA or FISMA is challenging. The main reason is that you need to understand the main attack vectors against an app, and that understanding often only comes with experience and pentests.</p>
<p>In this article I try to summarize some lessons I learned over the course of several security reviews about making an iOS app more secure.</p>
<p>This article focuses mostly on iOS 11 and 12, and the goal is to show how to leverage Apple’s current security features to avoid unintended data leakage.</p>
<h2 id="dont-leave-files-behind">Don’t leave files behind</h2>
<p>I strongly recommend that you purge any locally stored data when the user logs out or finishes a session.</p>
<p>A lot of temporary data is stored in your sandbox that needs to be wiped; otherwise an attacker who gains control of the device can recover sensitive information from it.</p>
<p>Here are some things worth cleaning.</p>
<h3 id="network-caches">Network caches</h3>
<p>I use the following Obj-C code to accomplish it:</p>
<div class="language-objc highlighter-rouge"><div class="highlight"><pre class="highlight"><code>+ (void)destroyNetworkCache
{
    // NSURLCache keeps its on-disk cache under Library/Caches/&lt;bundle identifier&gt;
    NSString *caches = [NSSearchPathForDirectoriesInDomains(NSCachesDirectory, NSUserDomainMask, YES) objectAtIndex:0];
    NSString *appID = [[NSBundle mainBundle] infoDictionary][@"CFBundleIdentifier"];
    NSString *path = [NSString stringWithFormat:@"%@/%@", caches, appID];
    // Remove the whole cache directory; the error is ignored because the
    // directory may legitimately not exist yet
    [[NSFileManager defaultManager] removeItemAtPath:path error:nil];
}
</code></pre></div></div>
<h3 id="the-whole-sandbox">The whole Sandbox</h3>
<p>Using a helper method (<code class="highlighter-rouge">cleanFolder:</code>) that walks a folder and deletes its contents, you can wipe your sandbox with the following code.</p>
<div class="language-objc highlighter-rouge"><div class="highlight"><pre class="highlight"><code>+ (void)emptySandbox
{
    // Documents: files the app created on behalf of the user
    NSArray *paths = NSSearchPathForDirectoriesInDomains(NSDocumentDirectory, NSUserDomainMask, YES);
    NSString *documentsDirectory = [paths objectAtIndex:0];
    [self cleanFolder:documentsDirectory];
    // tmp lives next to Documents inside the sandbox (&lt;sandbox&gt;/tmp), so swapping
    // the last path component reaches it; NSTemporaryDirectory() returns the same folder
    NSString *tmpDirectory = [documentsDirectory stringByReplacingOccurrencesOfString:[documentsDirectory lastPathComponent] withString:@"tmp"];
    [self cleanFolder:tmpDirectory];
    // Note: Library/ (Caches, Application Support, Preferences) is not touched here
}
</code></pre></div></div>
<p>If you want some files to survive this removal, have the helper preserve them instead of removing the whole <code class="highlighter-rouge">documentsDirectory</code>.</p>
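<p>As an added example (not code from the original post), here is one way to write the <code class="highlighter-rouge">cleanFolder:</code> helper with the allowlist just mentioned, wrapped in a hypothetical <code class="highlighter-rouge">SandboxCleaner</code> class that also flushes the NSURLCache and covers Documents, Library/Caches and tmp in one call. The class name, method names and the <code class="highlighter-rouge">preferences.plist</code> file in the usage comment are assumptions.</p>

```objc
#import <Foundation/Foundation.h>

// Hypothetical helper class (added example, not from the original post)
@interface SandboxCleaner : NSObject
+ (NSUInteger)cleanFolder:(NSString *)folder preserving:(NSSet<NSString *> *)keep;
+ (NSUInteger)purgeSessionDataPreserving:(NSSet<NSString *> *)keep;
@end

@implementation SandboxCleaner

// Deletes every entry directly under `folder` except those whose file name is in
// `keep`. Returns the number of entries removed; errors are logged rather than
// swallowed, so a wipe that silently fails does not go unnoticed.
+ (NSUInteger)cleanFolder:(NSString *)folder preserving:(NSSet<NSString *> *)keep
{
    NSFileManager *fm = [NSFileManager defaultManager];
    NSError *error = nil;
    NSArray<NSString *> *entries = [fm contentsOfDirectoryAtPath:folder error:&error];
    if (entries == nil) {
        NSLog(@"cleanFolder: cannot list %@: %@", folder, error);
        return 0;
    }
    NSUInteger removed = 0;
    for (NSString *name in entries) {
        if ([keep containsObject:name]) {
            continue; // explicitly allow-listed, e.g. a non-sensitive settings file
        }
        NSString *path = [folder stringByAppendingPathComponent:name];
        if ([fm removeItemAtPath:path error:&error]) {
            removed++;
        } else {
            NSLog(@"cleanFolder: failed to remove %@: %@", path, error);
        }
    }
    return removed;
}

// Wipes the three sandbox locations where session data usually ends up:
// Documents, Library/Caches (which holds the NSURLCache) and tmp.
+ (NSUInteger)purgeSessionDataPreserving:(NSSet<NSString *> *)keep
{
    // Drop in-memory and on-disk HTTP cache entries first, so NSURLCache does
    // not write stale responses back after the directory has been cleared.
    [[NSURLCache sharedURLCache] removeAllCachedResponses];

    // These directories always exist inside an iOS sandbox, so firstObject is non-nil
    NSString *documents = NSSearchPathForDirectoriesInDomains(NSDocumentDirectory, NSUserDomainMask, YES).firstObject;
    NSString *caches = NSSearchPathForDirectoriesInDomains(NSCachesDirectory, NSUserDomainMask, YES).firstObject;
    NSString *tmp = NSTemporaryDirectory();

    NSUInteger removed = 0;
    for (NSString *folder in @[documents, caches, tmp]) {
        removed += [self cleanFolder:folder preserving:keep];
    }
    return removed;
}

@end

// Usage, e.g. from the logout handler (file name is a constructed example):
//   [SandboxCleaner purgeSessionDataPreserving:[NSSet setWithObject:@"preferences.plist"]];
```

<p>Only the top level of each folder is inspected, which is enough because <code class="highlighter-rouge">removeItemAtPath:</code> deletes subdirectories recursively; the allowlist therefore applies to top-level names only.</p>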
<h2 id="avoid-screenshots-of-sensitive-data">Avoid screenshots of sensitive data</h2>
<p>When the user closes an app with the home button, iOS takes a screenshot of it to animate the closing effect and to display the app in the multitasking switcher.</p>
<p>For most apps this is fine, but if you are developing an app that handles financial data, medical data or even classified documents, you don’t want screenshots of it floating around.</p>
<p>To achieve this, implement the method <code class="highlighter-rouge">applicationWillResignActive:</code> in your Application Delegate and hide the window content there. Then restore the content you masked by implementing <code class="highlighter-rouge">applicationDidBecomeActive:</code> and <code class="highlighter-rouge">applicationWillEnterForeground:</code>.</p>
<p>A sample implementation of hide/show screen content can be found below.</p>
<div class="language-objc highlighter-rouge"><div class="highlight"><pre class="highlight"><code>// hideContentWindow is a UIWindow property on the app delegate
- (void)hideContent
{
    if (!self.hideContentWindow)
    {
        // A second window on top of the main one showing the launch screen (a xib
        // named "Launch Screen"), so the snapshot iOS takes contains no sensitive content
        self.hideContentWindow = [[UIWindow alloc] initWithFrame:[UIScreen mainScreen].bounds];
        UIView *launchScreen = [[[NSBundle mainBundle] loadNibNamed:@"Launch Screen" owner:nil options:nil] objectAtIndex:0];
        launchScreen.autoresizingMask = UIViewAutoresizingFlexibleWidth | UIViewAutoresizingFlexibleHeight;
        launchScreen.frame = [UIScreen mainScreen].bounds;
        UIViewController *controller = [UIViewController new];
        [controller.view addSubview:launchScreen];
        self.hideContentWindow.rootViewController = controller;
    }
    [self.hideContentWindow makeKeyAndVisible];
}

- (void)unhideContent
{
    // Hiding the cover window reveals the main window again; releasing it frees the views
    self.hideContentWindow.hidden = YES;
    self.hideContentWindow = nil;
}
</code></pre></div></div>
<h2 id="use-certificate-pinning">Use certificate pinning</h2>
<p>Certificate Pinning is the process of associating a host with their expected X509 certificate or public key, according to <a href="https://www.owasp.org/index.php/Pinning_Cheat_Sheet">OWASP</a>.</p>
<p>The goal here is to prevent a man-in-the-middle attack. If you don’t use certificate pinning and the device’s certificate trust chain is compromised (for example, a rogue Certification Authority has been installed on the device), an attacker can decrypt your SSL traffic with an intercepting SSL proxy.</p>
<p><a href="https://github.com/datatheorem/TrustKit">TrustKit</a> is a very well maintained and secure library for iOS that does all the heavy lifting of checking network connections for a proper SSL certificate.</p>
<p>After extracting the data you need from the certificate (here I strongly recommend reading the README in the TrustKit repository), implementing certificate pinning in your application is as simple as calling the method below:</p>
<div class="language-objc highlighter-rouge"><div class="highlight"><pre class="highlight"><code>+ (void)initTrustKit
{
    NSDictionary *trustKitConfig =
    @{
        // Hook the NSURLSession/NSURLConnection delegates so pinning is applied automatically
        kTSKSwizzleNetworkDelegates: @YES,
        kTSKPinnedDomains : @{
            @"api.mydomain.com" : @{
                kTSKPublicKeyAlgorithms : @[kTSKAlgorithmRsa2048,
                                            kTSKAlgorithmRsa4096,
                                            kTSKAlgorithmEcDsaSecp256r1],
                // Base64 SHA-256 hashes of the Subject Public Key Info;
                // TrustKit requires at least two (a current pin and a backup pin)
                kTSKPublicKeyHashes : @[
                    @"yixTXUagjRlIlDRB6QOVVxBVqwPAxptoDeutKmJx4=",
                    @"0FBf3cRRadZJaMxoF19oC73VMavLxj/N7WBNbeNzkR8=",
                ],
                // Block the connection on a pin mismatch instead of only reporting it
                kTSKEnforcePinning : @YES,
            },
        }
    };
    [TrustKit initializeWithConfiguration:trustKitConfig];
}
</code></pre></div></div>
<h2 id="encrypt-your-databases">Encrypt your databases</h2>
<p>On iOS there are two levels of protection that we can apply to persistent data on a database: Filesystem Encryption and Data Encryption.</p>
<p>For Filesystem Encryption, <a href="https://developer.apple.com/documentation/uikit/core_app/protecting_the_user_s_privacy/encrypting_your_app_s_files?language=objc">Apple allows the developer</a> to select one of four protection levels for each file you create:</p>
<ul>
<li>
<p><em>No protection</em>. The file is always accessible.</p>
</li>
<li>
<p><em>Complete until first user authentication. (Default)</em> - The file is inaccessible until the first time the user unlocks the device. After the first unlocking of the device, the file remains accessible until the device shuts down or reboots.</p>
</li>
<li>
<p><em>Complete unless open.</em> You can open existing files only when the device is unlocked. If you have a file already open, you may continue to access that file even after the user locks the device. You can also create new files and access them while the device is locked or unlocked.</p>
</li>
<li>
<p><em>Complete</em>. The file is accessible only when the device is unlocked.</p>
</li>
</ul>
<p>The <em>Complete</em> level is, of course, the most secure, but it forces you to handle the locking and unlocking events by implementing the App delegate methods <code class="highlighter-rouge">applicationProtectedDataWillBecomeUnavailable:</code> and <code class="highlighter-rouge">applicationProtectedDataDidBecomeAvailable:</code>.</p>
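<p>An added example, not from the original post, that wires both pieces together in a hypothetical <code class="highlighter-rouge">AppDelegate</code>: the <code class="highlighter-rouge">applicationWillResignActive:</code> / <code class="highlighter-rouge">applicationDidBecomeActive:</code> hooks that call the <code class="highlighter-rouge">hideContent</code> / <code class="highlighter-rouge">unhideContent</code> methods from the screenshot section (assumed to be implemented in this same class), plus the two protected-data delegate methods an app using the <em>Complete</em> level needs, and a <code class="highlighter-rouge">writeSensitiveData:toPath:error:</code> helper (assumed name) that sets the Complete class at write time and refuses to write while the device is locked.</p>

```objc
#import <UIKit/UIKit.h>

// Hypothetical app delegate (added example, not from the original post).
// hideContent / unhideContent are the methods shown in the screenshot section.
@interface AppDelegate : UIResponder <UIApplicationDelegate>
@property (nonatomic, strong) UIWindow *window;
@property (nonatomic, strong) UIWindow *hideContentWindow;
@property (nonatomic, assign) BOOL protectedDataAvailable;
- (void)hideContent;
- (void)unhideContent;
- (BOOL)writeSensitiveData:(NSData *)data toPath:(NSString *)path error:(NSError **)error;
@end

@implementation AppDelegate

// --- Screenshot masking: cover the UI before iOS takes the multitasking snapshot ---
- (void)applicationWillResignActive:(UIApplication *)application
{
    [self hideContent];
}

- (void)applicationDidBecomeActive:(UIApplication *)application
{
    [self unhideContent];
}

- (void)applicationWillEnterForeground:(UIApplication *)application
{
    [self unhideContent];
}

// --- NSFileProtectionComplete: track when the keys for our files are unavailable ---
- (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions
{
    // Initial state; the delegate callbacks below keep it up to date
    self.protectedDataAvailable = application.protectedDataAvailable;
    return YES;
}

- (void)applicationProtectedDataWillBecomeUnavailable:(UIApplication *)application
{
    // The device is about to lock: finish or abort pending writes to Complete-protected files
    self.protectedDataAvailable = NO;
}

- (void)applicationProtectedDataDidBecomeAvailable:(UIApplication *)application
{
    self.protectedDataAvailable = YES;
}

// Writes `data` with the Complete protection class and refuses to write while locked,
// so the caller gets an error instead of an unexplained failure or a weaker file
- (BOOL)writeSensitiveData:(NSData *)data toPath:(NSString *)path error:(NSError **)error
{
    if (!self.protectedDataAvailable) {
        if (error) {
            *error = [NSError errorWithDomain:NSCocoaErrorDomain
                                         code:NSFileWriteNoPermissionError
                                     userInfo:@{NSLocalizedDescriptionKey: @"device locked, protected data unavailable"}];
        }
        return NO;
    }
    // NSDataWritingFileProtectionComplete applies the attribute as part of the write,
    // so there is no window in which the file exists with a weaker protection class
    return [data writeToFile:path
                     options:NSDataWritingAtomic | NSDataWritingFileProtectionComplete
                       error:error];
}

@end
```

<p>Files written this way become unreadable a few seconds after the device locks, which is why the delegate keeps the <code class="highlighter-rouge">protectedDataAvailable</code> flag: background work that touches them must stop when <code class="highlighter-rouge">applicationProtectedDataWillBecomeUnavailable:</code> fires.</p>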
<p>My current recommendation is to leave the default file protection and implement full database encryption.</p>
<p>For Core Data that’s not an ideal solution, because you’ll have to rely on a specific library that creates a layer over Core Data’s NSIncrementalStore. This library, <a href="https://github.com/project-imas/encrypted-core-data">Encrypted Core Data</a>, now lacks frequent updates and suffers from performance issues and a limit on the number of parameters passed in a query.</p>
<p>In our main project we switched completely from Core Data to <a href="https://realm.io/products/realm-database/">Realm</a> as a persistence layer for that reason.</p>
<p>Realm comes with support for AES-256 encryption that is added to the database with a few lines of code:</p>
<div class="language-objc highlighter-rouge"><div class="highlight"><pre class="highlight"><code>// `key` is an NSData of exactly 64 bytes; generate it from a CSPRNG and keep it in the Keychain
RLMRealmConfiguration *config = [RLMRealmConfiguration new];
config.encryptionKey = key;
// The Objective-C class is RLMRealm (Realm is the Swift name); pass an NSError **
// in production so that opening with a wrong key is not silently ignored
RLMRealm *realm = [RLMRealm realmWithConfiguration:config error:nil];
</code></pre></div></div>
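<p>An added example, not the post’s or Realm’s code, of where that <code class="highlighter-rouge">key</code> should come from: 64 bytes drawn once from the system CSPRNG and kept in the Keychain with an accessibility class that keeps it on this device and readable only while unlocked, never hard-coded or derived from something guessable. The <code class="highlighter-rouge">EncryptedRealmStore</code> class, its method names and the account string <code class="highlighter-rouge">com.example.app.realm-key</code> are assumptions.</p>

```objc
#define __STDC_WANT_LIB_EXT1__ 1 // exposes memset_s in Apple's string.h
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#import <Realm/Realm.h>

// Hypothetical helper (added example, not Realm's or the post's code)
@interface EncryptedRealmStore : NSObject
+ (NSData *)encryptionKeyWithError:(NSError **)error;
+ (RLMRealm *)openRealmWithError:(NSError **)error;
@end

@implementation EncryptedRealmStore

static NSString *const kRealmKeyAccount = @"com.example.app.realm-key"; // placeholder identifier
static const NSUInteger kRealmKeyLength = 64; // Realm requires a 64-byte key

// Returns the existing key from the Keychain, or generates and stores a new one.
+ (NSData *)encryptionKeyWithError:(NSError **)error
{
    NSDictionary *query = @{
        (__bridge id)kSecClass: (__bridge id)kSecClassGenericPassword,
        (__bridge id)kSecAttrAccount: kRealmKeyAccount,
        (__bridge id)kSecReturnData: @YES,
        (__bridge id)kSecMatchLimit: (__bridge id)kSecMatchLimitOne,
    };
    CFTypeRef result = NULL;
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &result);
    if (status == errSecSuccess) {
        NSData *existing = (__bridge_transfer NSData *)result;
        if (existing.length == kRealmKeyLength) {
            return existing;
        }
        // A stored item of the wrong size means something else wrote it: refuse, do not overwrite
        if (error) *error = [NSError errorWithDomain:@"EncryptedRealmStore" code:1
                                            userInfo:@{NSLocalizedDescriptionKey: @"stored key has unexpected length"}];
        return nil;
    }
    if (status != errSecItemNotFound) {
        if (error) *error = [NSError errorWithDomain:NSOSStatusErrorDomain code:status userInfo:nil];
        return nil;
    }

    // No key yet: draw 64 bytes from the system CSPRNG
    uint8_t bytes[kRealmKeyLength];
    if (SecRandomCopyBytes(kSecRandomDefault, kRealmKeyLength, bytes) != errSecSuccess) {
        if (error) *error = [NSError errorWithDomain:@"EncryptedRealmStore" code:2
                                            userInfo:@{NSLocalizedDescriptionKey: @"SecRandomCopyBytes failed"}];
        return nil;
    }
    NSData *key = [NSData dataWithBytes:bytes length:kRealmKeyLength];
    memset_s(bytes, sizeof(bytes), 0, sizeof(bytes)); // wipe the stack copy

    // Readable only while this device is unlocked, and never migrated to another device via backup
    NSDictionary *addQuery = @{
        (__bridge id)kSecClass: (__bridge id)kSecClassGenericPassword,
        (__bridge id)kSecAttrAccount: kRealmKeyAccount,
        (__bridge id)kSecValueData: key,
        (__bridge id)kSecAttrAccessible: (__bridge id)kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
    };
    status = SecItemAdd((__bridge CFDictionaryRef)addQuery, NULL);
    if (status != errSecSuccess) {
        if (error) *error = [NSError errorWithDomain:NSOSStatusErrorDomain code:status userInfo:nil];
        return nil;
    }
    return key;
}

// Opens the default Realm encrypted with the Keychain-backed key; returns nil with an error on failure
+ (RLMRealm *)openRealmWithError:(NSError **)error
{
    NSData *key = [self encryptionKeyWithError:error];
    if (key == nil) return nil;
    RLMRealmConfiguration *config = [RLMRealmConfiguration defaultConfiguration];
    config.encryptionKey = key;
    return [RLMRealm realmWithConfiguration:config error:error];
}

@end
```

<p>Because the item is stored with <code class="highlighter-rouge">kSecAttrAccessibleWhenUnlockedThisDeviceOnly</code>, the database file alone is useless without the device passcode, and the key never leaves the device in an iCloud or iTunes backup.</p>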
<h2 id="conclusion">Conclusion</h2>
<p>There are a number of other details you need to take care of when implementing a secure iOS application. I chose to list some that had a more significant impact in making our app safer.</p>
<p>Below you can find more resources I recommend if you want to dive deeper in the subject.</p>
<ul>
<li>
<p><a href="https://www.apple.com/business/site/docs/iOS_Security_Guide.pdf">Apple’s iOS Security Guide</a> is like a version of the <a href="https://developer.apple.com/design/human-interface-guidelines/">Human Interface Guidelines</a> but for security.</p>
</li>
<li>
<p><a href="https://blog.datatheorem.com/blog">Data Theorem’s blog</a> - Data Theorem are the makers of TrustKit and they keep a blog on mobile security.</p>
</li>
</ul>
<p>Published Sun, 03 Mar 2019 18:00:00 +0000 in <em>development</em>: <a href="http://ppaulojr.github.io/development/2019/03/03/securing-an-iOS-app.html">http://ppaulojr.github.io/development/2019/03/03/securing-an-iOS-app.html</a></p>
<h1 id="when-hiring-make-sure-you-dont-discard-michael-jordan">When hiring make sure you don't discard Michael Jordan</h1>
<p>A few months ago we were on a hiring spree and I was helping the HR team improve our process for dealing with the flood of resumes we were receiving.</p>
<p>Unfortunately, many companies use the following process: automatically filter resumes, send a code challenge, then start talking. This is a flawed methodology that in the long run will yield B players, and my goal in this short post is to prove why.</p>
<p>In Brazil, the dream of many kids is to become a professional soccer player, so the major soccer teams in the league are flooded with applicants, and it’s hard, from watching a kid play for 10-15 minutes, to decide whether we are seeing an average player or the next Lionel Messi.</p>
<p>One famous rejection occurred in the summer of 1953, when Flamengo turned down a young player nicknamed <a href="https://en.wikipedia.org/wiki/Garrincha">Garrincha</a> after a quick glance, saying his legs were not straight. History proved them wrong: Garrincha, playing for the rival team Botafogo, humiliated Flamengo several times and won two FIFA World Cups.</p>
<p>My point is: if we put an automatic or semi-automatic filter in place before we even have a chance to talk with the candidate, we might reject people who are true A players. A players sometimes shy away from taking automated code interviews before talking. A players sometimes don’t perform well in simulated situations when they have no motivation to show that it’s not yet another automated test. And your automated test is sometimes poorly designed.</p>
<p>In 1984 the Houston Rockets and the Portland Trail Blazers had the opportunity to draft Michael Jordan. They both wasted it. Of course one can argue that hindsight is 20/20, but let’s give ourselves a better chance of hiring the Michael Jordans of development by having a conversation first and only then moving on to a coding challenge.</p>
<p>Published Sat, 26 Jan 2019 18:00:00 +0000 in <em>interview</em>: <a href="http://ppaulojr.github.io/interview/2019/01/26/dont-discard-michael-jordan.html">http://ppaulojr.github.io/interview/2019/01/26/dont-discard-michael-jordan.html</a></p>
<h1 id="questions-for-interviewing-devs">Questions for interviewing devs</h1>
<p>One tricky thing is coming up with a plan to interview developers. Back in 1999 I got a job offer from Microsoft based on a full-day in-person interview, which was in my opinion one of the best-crafted hiring processes I have ever witnessed; however, if you are not Microsoft, Google or Apple, you cannot afford to motivate people to take full-day interviews or to fly in 10 engineers to conduct the process.</p>
<p>The post is not about what you should do or avoid but to comment on some questions that I came across during those years in the job.</p>
<blockquote>
<p>How do you reverse a linked list?</p>
</blockquote>
<p>The solution is easy for any computer science student, but it can be tricky when the candidate was expecting a higher-level interview and is caught by surprise, like the move 1. e4 e5 2. Qh5 in a bullet chess game.</p>
<p>It’s an okay question for an interview, but before asking I would take the following precautions:</p>
<ol>
<li>Put the candidate at ease by saying we don’t expect a textbook answer but just want to see how they think.</li>
<li>Give some help if the interviewed person is stuck because we caught them off guard.</li>
<li>Sometimes it’s helpful to give some context, like:</li>
</ol>
<div class="language-c highlighter-rouge"><div class="highlight"><pre class="highlight"><code>struct node
{
    int data;
    struct node* next;
};
</code></pre></div></div>
<p>What is not okay in this case is expecting the candidate to come up with a textbook canonical answer like:</p>
<div class="language-c highlighter-rouge"><div class="highlight"><pre class="highlight"><code>static void reverse(struct node** head_ref)
{
    struct node* prev = NULL;
    struct node* current = *head_ref;
    struct node* next;
    while (current != NULL)
    {
        next = current-&gt;next;
        current-&gt;next = prev;
        prev = current;
        current = next;
    }
    *head_ref = prev;
}
</code></pre></div></div>
<p>We saw some people come up with an elegant, although not optimal, solution:</p>
<div class="language-python highlighter-rouge"><div class="highlight"><pre class="highlight"><code># Stack and List are assumed helper classes with push/pop/isEmpty and append
A = Stack()
for i in list_:
    A.push(i)
l = List()
while not A.isEmpty():
    e = A.pop()
    l.append(e)
</code></pre></div></div>
<p>And then we have a problem: which candidate is better? The one with a textbook solution or the other?</p>
<p>I believe the question of which candidate is better based on this question is pointless. The real question is: what kind of intel did I gain by asking it? Am I making my hiring process more robust by asking it or not?</p>
<p>While I concede it’s an okay question, I think it introduces more noise than signal into your process, and I hope in future posts to describe other questions that I used to sort out good fits for the positions I was hiring for.</p>
<p>Published Sat, 11 Feb 2017 18:00:00 +0000 in <em>interview</em>: <a href="http://ppaulojr.github.io/interview/2017/02/11/questions-for-dev-interview.html">http://ppaulojr.github.io/interview/2017/02/11/questions-for-dev-interview.html</a></p>
<h1 id="crazy-correlations">Crazy Correlations</h1>
<p>The catalyst for this post was a paper published a few years ago named “Voodoo Correlations in Social Neuroscience”. This controversial paper pointed the finger at a number of neuroscientists who were using fMRI like candy and doing monkey business in the process. The paper generated a lot of buzz and raised awareness of the fact, which should be well known, that correlation alone is not causation. After a heated debate the authors renamed the paper to “<a href="https://web.archive.org/web/20150321064936/http://www.edvul.com/pdf/VulHarrisWinkielmanPashler-PPS-2009.pdf">Puzzlingly high correlations in fMRI studies of emotion, personality, and social cognition</a>”</p>
<p>In the paper the authors said:</p>
<blockquote>
<p>We have identified a weather station whose temperature readings predict daily changes in the value of a specific set of stocks with a correlation of r = −0.87. For $50, we will provide the list of stocks to any interested reader. That way, you can buy the stocks every morning when the weather station posts a drop in temperature and sell when the temperature goes up.</p>
</blockquote>
<p>So I decided to mythbuster-it.</p>
<p>So, look at the map of the correlation between Dow Jones Index and the high-temp of the day</p>
<p><img src="https://raw.githubusercontent.com/ppaulojr/CrazyCorrelation/master/weather/results/crazy_us.png" width="600" alt="Correlation high-temp vs Dow Jones Index" />
<em>Correlation high-temp vs Dow Jones Index</em></p>
<p>One of the cities with a very high correlation was <a href="http://en.wikipedia.org/wiki/Riverhead_(town),_New_York">Riverhead, NY</a> (mostly because of missing temperature data).</p>
<p><img src="https://raw.githubusercontent.com/ppaulojr/CrazyCorrelation/master/weather/results/plotRiverheadNY.png" width="600" alt="Riverhead, NY correlation" /></p>
<h2 id="data-sources">Data Sources:</h2>
<p>Dow Jones Index (NYSE), Temperatures (NCDC/NOAA)</p>
<p>All data and code for this post are on GitHub: <a href="https://github.com/ppaulojr/CrazyCorrelation/">https://github.com/ppaulojr/CrazyCorrelation/</a></p>
<p>Published Tue, 08 Nov 2016 13:30:29 +0000 in <em>statistics</em>: <a href="http://ppaulojr.github.io/statistics/2016/11/08/crazy-correlations.html">http://ppaulojr.github.io/statistics/2016/11/08/crazy-correlations.html</a></p>
<h1 id="rubber-hose-attacks">Rubber-hose attacks</h1>
<p><em>“What I have to do, Agent Brody, is… unthinkable.”</em> H, <a href="http://www.imdb.com/title/tt0914863/">Unthinkable (2011)</a></p>
<p>In an ideal world we would not have to worry about rubber hose attacks; nevertheless, the world out there is not so pretty and such scenarios are far from fiction.</p>
<p>“Rubber hose attack” is a euphemism for torture used to obtain a password. So let’s imagine the following scenario:</p>
<p>You have an ultra-secure system: you invested hundreds of thousands of dollars in state-of-the-art firewalls and security appliances. You perform pentests periodically with the best security consulting firms, you forbid pen drives and unencrypted laptop disks, among other very strict rules. It seems that you are secure; at least, an attacker would have to invest a great sum of money to breach you.</p>
<p>Now let’s imagine you have an adversary; it can be a competitor, or someone with a strong interest in the data you hold. That adversary learns that your system admin will go on vacation to a foreign country, Argentina for instance, and hires an asset to grab the sysadmin when he goes out for some drinks, lock him in a room and start working on him.</p>
<p>Although the reliability of intel acquired under duress is questionable, it’s common sense that almost every human being has a breaking point. Defending one’s country is a reason to put up strong resistance; on the other hand, very few people would be willing to suffer pain to protect their employer. And you, as an employer, don’t expect it from them, so you have to create another layer of protection.</p>
<p>Here are some suggestions:</p>
<p>1) Allow admin or sensitive data access only from within your office.</p>
<p>2) Revoke the admin password of anyone who goes on vacation. That’s valid if you believe rubber-hose attacks won’t happen on US soil.</p>
<p>3) Encrypt your sensitive passwords using <a href="https://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing">Shamir Secret Sharing</a>.</p>
<p>4) Implement a duress password system.</p>
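<p>As an added example for suggestion 3 (not code from the original post), here is a small Shamir Secret Sharing implementation over GF(2^8) in Objective-C. It splits a secret such as an admin password into n shares of which any k rebuild it, so that it can be distributed among several custodians and no single person, coerced or not, can recover it alone. The <code class="highlighter-rouge">ShamirSecret</code> class name and its method names are assumptions, and <code class="highlighter-rouge">arc4random_uniform</code> is used as the random source.</p>

```objc
#import <Foundation/Foundation.h>

// Multiplication in GF(2^8) with the AES reduction polynomial x^8 + x^4 + x^3 + x + 1
static uint8_t gf_mul(uint8_t a, uint8_t b)
{
    uint8_t p = 0;
    while (b) {
        if (b & 1) p ^= a;
        uint8_t carry = a & 0x80;
        a <<= 1;
        if (carry) a ^= 0x1b;
        b >>= 1;
    }
    return p;
}

// Inverse via a^254 = a^-1; never called with 0 because x values are distinct and non-zero
static uint8_t gf_inv(uint8_t a)
{
    uint8_t result = 1, base = a;
    for (int i = 1; i < 8; i++) {
        base = gf_mul(base, base);     // a^2, a^4, ..., a^128
        result = gf_mul(result, base); // accumulates a^(2+4+...+128) = a^254
    }
    return result;
}

// Hypothetical class name (added example, not from the original post)
@interface ShamirSecret : NSObject
+ (NSArray<NSData *> *)splitSecret:(NSData *)secret threshold:(NSUInteger)k shares:(NSUInteger)n;
+ (NSData *)combineShares:(NSArray<NSData *> *)shares;
@end

@implementation ShamirSecret

// Each share is [x, y_0, y_1, ...]: one x byte followed by one y byte per secret byte.
// Every secret byte gets its own random polynomial of degree k-1 whose constant term is that byte.
+ (NSArray<NSData *> *)splitSecret:(NSData *)secret threshold:(NSUInteger)k shares:(NSUInteger)n
{
    NSParameterAssert(k >= 2 && k <= n && n <= 255);
    const uint8_t *s = secret.bytes;
    NSUInteger len = secret.length;
    NSMutableArray<NSMutableData *> *out = [NSMutableArray arrayWithCapacity:n];
    for (NSUInteger i = 1; i <= n; i++) {
        NSMutableData *share = [NSMutableData dataWithLength:len + 1];
        ((uint8_t *)share.mutableBytes)[0] = (uint8_t)i; // x coordinate, never 0
        [out addObject:share];
    }
    uint8_t coeff[k];
    for (NSUInteger pos = 0; pos < len; pos++) {
        coeff[0] = s[pos];
        for (NSUInteger j = 1; j < k; j++) coeff[j] = (uint8_t)arc4random_uniform(256);
        for (NSUInteger i = 1; i <= n; i++) {
            uint8_t x = (uint8_t)i, y = 0, xpow = 1;
            for (NSUInteger j = 0; j < k; j++) {
                y ^= gf_mul(coeff[j], xpow); // y = sum_j coeff_j * x^j
                xpow = gf_mul(xpow, x);
            }
            ((uint8_t *)out[i - 1].mutableBytes)[pos + 1] = y;
        }
    }
    memset(coeff, 0, sizeof(coeff)); // drop the polynomial coefficients
    return out;
}

// Lagrange interpolation at x = 0 using exactly the shares given (at least the threshold, distinct x)
+ (NSData *)combineShares:(NSArray<NSData *> *)shares
{
    NSUInteger k = shares.count;
    NSParameterAssert(k >= 2);
    NSUInteger len = shares.firstObject.length - 1;
    uint8_t xs[k];
    for (NSUInteger i = 0; i < k; i++) {
        NSParameterAssert(shares[i].length == len + 1);
        xs[i] = ((const uint8_t *)shares[i].bytes)[0];
        for (NSUInteger j = 0; j < i; j++) NSParameterAssert(xs[j] != xs[i]);
    }
    NSMutableData *secret = [NSMutableData dataWithLength:len];
    uint8_t *dst = secret.mutableBytes;
    for (NSUInteger pos = 0; pos < len; pos++) {
        uint8_t acc = 0;
        for (NSUInteger i = 0; i < k; i++) {
            // basis_i(0) = prod_{j != i} x_j / (x_i - x_j); subtraction is XOR in GF(2^8)
            uint8_t basis = 1;
            for (NSUInteger j = 0; j < k; j++) {
                if (j != i) basis = gf_mul(basis, gf_mul(xs[j], gf_inv(xs[i] ^ xs[j])));
            }
            acc ^= gf_mul(((const uint8_t *)shares[i].bytes)[pos + 1], basis);
        }
        dst[pos] = acc;
    }
    return secret;
}

@end

// Usage: split the admin password 3-of-5 among custodians; any 3 shares rebuild it
//   NSArray *shares = [ShamirSecret splitSecret:[@"admin-secret" dataUsingEncoding:NSUTF8StringEncoding] threshold:3 shares:5];
//   NSData *back = [ShamirSecret combineShares:@[shares[0], shares[2], shares[4]]];
```

<p>Fewer than k shares reveal nothing about the secret, because for any candidate value of a byte there is a polynomial of degree k-1 consistent with the shares seen; this is what makes the scheme useful against a single coerced custodian.</p>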
<p>The duress password system, if well implemented, is very interesting because it lets the captured sysadmin hand over a password that is accepted as valid: entering it delivers valid data, while the system can react in the background.</p>
<p>An example of a duress password on Linux can be implemented using PAM <a href="http://unix.stackexchange.com/a/107746">[1]</a>.</p>
<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>auth optional pam_exec.so debug expose_authtok /etc/security/suicide.sh
</code></pre></div></div>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>#!/bin/bash
# read the user's password from stdin (pam_exec.so passes the provided password
# on stdin when invoked with expose_authtok); -r keeps backslashes intact
read -r password
# if it's an authentication, for the user "user", with the special password
if [ "$PAM_TYPE" == "auth" ] &amp;&amp; [ "$PAM_USER" == "user" ] &amp;&amp; [ "$password" == "magic" ]; then
    # do whatever you want in the background and the authentication can continue
    # normally as though nothing had happened
    exit 0
else
    exit 0
fi
</code></pre></div></div>
<p>Rubber-hose attacks, although despicable, are a very real risk to your network security. Planning for them is not fiction but essential if you deal with sensitive data.</p>
<p>Published Mon, 17 Oct 2016 21:30:29 +0000 in <em>security</em>: <a href="http://ppaulojr.github.io/security/2016/10/17/rubber-hose-attack.html">http://ppaulojr.github.io/security/2016/10/17/rubber-hose-attack.html</a></p>
<h1 id="side-effects-of-security-jobs">Side-effects of security jobs</h1>
<p>An interesting yet scary video I came across these days. TL;DW: security jobs can be dangerous for your mental health, depending on what they require you to do.</p>
<p>Although most of the examples there are from the CIA and NSA, I suppose the concepts can be broadened to anyone working in intelligence gathering.</p>
<iframe width="560" height="315" src="https://www.youtube.com/embed/IowHTVxHpAs?rel=0" frameborder="0" allowfullscreen=""></iframe>
<p>Published Sun, 16 Oct 2016 11:00:29 +0000 in <em>security</em>: <a href="http://ppaulojr.github.io/security/2016/10/16/security-post.html">http://ppaulojr.github.io/security/2016/10/16/security-post.html</a></p>
<h1 id="between-silk-and-cyanide-answer-to-morse-code">Between Silk and Cyanide - Answer to Morse code</h1>
<p>I've read the book Between Silk and Cyanide by Leo Marks and wrote the following comment on Goodreads:</p>
<blockquote><p><span id="freeTextreview1218115704">Between Silk and Cyanide was a wonderful recommendation I received and it really paid off. When you think about cryptography during WWII the names that come to mind are Bletchley Park and Alan Turing, but Leo Marks did a fantastic job too. He describes his battle with the bureaucracy to provide better codes to the agents on the field in a very humorous tone, also he writes very well and the book is very agreeable to read.</p>
<p>My only regret is not having discovered this book while my grandpa was still alive a few years ago. He worked for 40 years as a WT operator and there are several morse code issues the book discuss and he would love to talk about it, in fact I learned morse from him. The last time we met he showed me a poem he wrote to his wife (my grandma) using morse code.</p>
<p>Even if you are not into cryptography you will enjoy this book. However if the cryptography bug infects you I'd suggest other two good books one non-fiction <a title="The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography by Simon Singh" href="http://www.goodreads.com/book/show/17994.The_Code_Book__The_Science_of_Secrecy_from_Ancient_Egypt_to_Quantum_Cryptography">The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography</a> from Simon Singh, and other a spy novel from <a title="Robert Littell" href="http://www.goodreads.com/author/show/101398.Robert_Littell">Robert Littell</a>which has as main part of the plot the <a href="http://en.wikipedia.org/wiki/Baconian_theory_of_Shakespeare_authorship#References_in_popular_culture" rel="nofollow">"Baconian theory of Shakespeare authorship"</a> and the <a href="http://en.wikipedia.org/wiki/Bacon%27s_cipher" rel="nofollow">Bacon's Cipher</a>: <a title="The Amateur by Robert Littell" href="http://www.goodreads.com/book/show/1675554.The_Amateur">The Amateur</a>.</p>
<p>I'm grateful to the author of <a title="Arriving at Amen: Seven Catholic Prayers That Even I Can Offer by Leah Libresco" href="http://www.goodreads.com/book/show/23374343.Arriving_at_Amen__Seven_Catholic_Prayers_That_Even_I_Can_Offer">Arriving at Amen: Seven Catholic Prayers That Even I Can Offer</a> , Ms. <a title="Leah Libresco" href="http://www.goodreads.com/author/show/7339967.Leah_Libresco">Leah Libresco</a>, for the recommendation of Between Silk and Cyanide.</p>
<p>P.S.: (<a href="http://morse-code.eu/m/eJxjZBQRYXDOS81TqCrKUMjLTFLwS0xPSixLUkjJKFIoqlJIzstVKCxKK8hLTCvSAwA2IQ7D" rel="nofollow">have fun and crack, not so hard...</a>!)</span></p></blockquote>
<p>But maybe it is hard, so here is a guess at how to crack it.</p>
<p>Step 1) Record the Morse transmission with Audacity or another program you like.</p>
<p>Step 2) Optional: clean up the background noise by giving Audacity a noise profile and then filtering the noise out.</p>
<p>Step 3) Look at the waveform</p>
<p><a href="https://nobodyreadit.files.wordpress.com/2015/03/captura-de-tela-2015-03-04-c3a0s-17-34-33.png"><img class="aligncenter wp-image-117 size-large" src="/assets/captura-de-tela-2015-03-04-c3a0s-17-34-33.png?w=700" alt="morse-code-message" width="700" height="59" /></a></p>
<p>As you might guess, a long burst is a <strong>dash</strong> and a short one a <strong>dot</strong> (a "point").</p>
<p>Knowing this and the Morse alphabet, you can easily decode the Morse and then apply some very easy "crypto" to get the plaintext. It has to do with something in the review.</p>
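<p>The dash/dot classification described above, carried through in a shell script as an added example that is not part of the original post: it takes a trace of alternating tone and silence lengths in milliseconds, as you would measure them on the Audacity waveform, uses the shortest tone as the dot unit, calls a tone of at least 2 units a dash, closes a letter on a gap of at least 2 units and inserts a word space on a gap of at least 5 units, then maps each group to a letter. The trace values and the thresholds are my assumptions for the example; the message from the review is not reproduced here.</p>

```sh
#!/bin/sh
# Added example, not from the post: decode a Morse trace measured off a waveform.
# A trace is "tone gap tone gap ... tone", all lengths in ms (constructed input).

# Map one dot/dash group to a letter; digits are omitted, unknown groups give '?'.
morse_letter() {
    case $1 in
        .-) printf A ;;   -...) printf B ;; -.-.) printf C ;; -..) printf D ;;
        .) printf E ;;    ..-.) printf F ;; --.) printf G ;;  ....) printf H ;;
        ..) printf I ;;   .---) printf J ;; -.-) printf K ;;  .-..) printf L ;;
        --) printf M ;;   -.) printf N ;;   ---) printf O ;;  .--.) printf P ;;
        --.-) printf Q ;; .-.) printf R ;;  ...) printf S ;;  -) printf T ;;
        ..-) printf U ;;  ...-) printf V ;; .--) printf W ;;  -..-) printf X ;;
        -.--) printf Y ;; --..) printf Z ;; *) printf '?' ;;
    esac
}

# The shortest tone in the trace is taken as the dot length (the "unit").
dot_unit() {
    unit=
    is_tone=1
    for seg in $1; do
        if [ "$is_tone" -eq 1 ] && { [ -z "$unit" ] || [ "$seg" -lt "$unit" ]; }; then
            unit=$seg
        fi
        is_tone=$((1 - is_tone))
    done
    printf %s "$unit"
}

# Walk the trace: tones become '.' or '-', gaps decide whether a letter (>= 2
# units) or a word (>= 5 units) has ended. Prints the decoded text.
decode_trace() {
    trace=$1
    unit=$(dot_unit "$trace")
    symbol=
    out=
    is_tone=1
    for seg in $trace; do
        if [ "$is_tone" -eq 1 ]; then
            if [ "$seg" -ge $((2 * unit)) ]; then symbol="$symbol-"; else symbol="$symbol."; fi
        else
            if [ "$seg" -ge $((2 * unit)) ]; then
                out="$out$(morse_letter "$symbol")"
                symbol=
                [ "$seg" -ge $((5 * unit)) ] && out="$out "
            fi
        fi
        is_tone=$((1 - is_tone))
    done
    [ -n "$symbol" ] && out="$out$(morse_letter "$symbol")"
    printf '%s\n' "$out"
}

# Constructed trace for "SOS" at a 100 ms unit: dots 100, dashes 300,
# intra-letter gaps 100, letter gaps 300.
decode_trace "100 100 100 100 100 300 300 100 300 100 300 300 100 100 100 100 100"
```

<p>Real recordings are noisier than this trace: if the operator's dashes come out shorter than three units or the gaps are ragged, set the two thresholds from a histogram of the measured tone lengths rather than trusting the shortest tone alone.</p>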
Wed, 04 Mar 2015 23:50:19 +0000 http://ppaulojr.github.io/math/2015/03/04/between-silk-and-cyanide-answer-to-morse-code.html (crypto, morse, math)

The Good Samaritan and Effective Altruism movement
<p>A few years ago, on a wonderful blog, I came across the expression <a href="http://en.wikipedia.org/wiki/Effective_altruism" target="_blank">Effective Altruism</a> for the first time. I confess that from day one it didn't sit well with me. I never mentioned it, because I hoped that by listening more I could come to understand and like it. But so far it still seems to me like the modified parable below:</p>
<blockquote><p>A man fell victim to robbers as he went down from Waltham to Boston. They stripped and beat him and went off, leaving him half-dead. A Harvard student happened to be going down that road, but he was on his way to the effective altruism meeting, and he passed by on the opposite side. Likewise a Princeton graduate came to the place, and when he saw him, he calculated the cost-effectiveness of the help he could provide and passed by on the opposite side. But a student from the New England Institute of Art who came upon him was moved with compassion at the sight. He approached the victim and, since there was no cellular coverage to dial 911, poured oil and wine over his wounds and bandaged them. Then he lifted him into his own 2005 Honda, took him to a hospital and cared for him. The next day he took out two thousand dollars and gave them to the hospital manager with the instruction, ‘Take care of him. If you spend more than what I have given you, I shall repay you on my way back.’</p></blockquote>
<p>I have helped <a title="Improvised Medicine – personal recollections" href="https://nobodyreadit.wordpress.com/2014/09/10/improvised-medicine-personal-recollections/" target="_blank">many initiatives</a> over the years, but only once have I donated to a <a href="http://www.givewell.org" target="_blank">GiveWell</a>-sponsored institution, and not because I care about GiveWell, or understand it, but because I trust very much the person who recommended it to me, and I trust her judgement in balancing so-called effective altruism with caritas. I understand that common sense should be applied when donating our money, but effective altruism seems off target (even without the <a href="http://www.effective-altruism.com/ea/66/parenthood_and_effective_altruism/" target="_blank">ludicrous debate on having kids or not</a>).</p>
<p>The <a href="http://w2.vatican.va/content/benedict-xvi/en/encyclicals/documents/hf_ben-xvi_enc_20051225_deus-caritas-est.html" target="_blank">encyclical Deus Caritas Est</a>, which I read recently, is very helpful in thinking about the subject. In fact, Pope Benedict XVI uses the term "effective" several times in that letter.</p>
Mon, 23 Feb 2015 04:08:18 +0000 http://ppaulojr.github.io/philosophy/religion/2015/02/23/the-good-samaritan-and-effective-altruism-movement.html (Altruism, caritas, charity, effective altruism, good samaritan, parody, Philosophy, Religion)

Bookclub suggestions
<p>Approaching the end of the bookclub on Pope Francis's Open Mind, Faithful Heart, here are some suggestions for a new choice.</p>
<p><a href="http://www.goodreads.com/book/show/93302.The_Last_Letters_of_Thomas_More" target="_blank">The Last Letters, Thomas More</a> - Written during the fourteen months he spent awaiting execution in the Tower of London, these letters are his spiritual testament and the memories of a man who acted according to his conscience. The Kindle edition has 24 letters, which can make a <strong>24-week bookclub</strong>. The discussion can be expanded <a href="http://law2.umkc.edu/faculty/projects/ftrials/more/more.html" target="_blank">to the trial of Sir Thomas More</a>, who used his lawyer's skills in his defense (I never understood why <a href="http://www.amazon.com/Thomas-Mores-Trial-Jury-Procedural/dp/1843836297" target="_blank">he was denied a proper trial by jury</a> according to Article 39 of the Magna Carta).</p>
<p><a href="http://www.goodreads.com/book/show/924931.Damien_the_Leper" target="_blank">Damien the Leper, John Farrow</a> - "John Villiers Farrow, was a film director, producer, novelist and screenwriter" and father of Mia Farrow. <strong>St. Damien of Moloka'i</strong> died in Hawaii (at the time the <a href="http://en.wikipedia.org/wiki/Kingdom_of_Hawaii" target="_blank">Kingdom of Hawaii</a>, not part of the US); he was a missionary who volunteered to assist the population of <a href="http://en.wikipedia.org/wiki/Molokai#Leper_Colony" target="_blank">Moloka'i</a>, a colony used as forced exile for Hawaiians suffering from Hansen's disease. The book also tells part of the story of <strong><a href="http://en.wikipedia.org/wiki/Marianne_Cope" target="_blank">St. Marianne Cope</a></strong> from Syracuse, NY. This book will definitely have an impact on your life. (Bonus: the historical and epidemiological aspects of leprosy.) It has 17 chapters, a prologue and an epilogue: a <strong>~20-week bookclub</strong>.</p>
<p><a href="http://www.goodreads.com/book/show/1084489.The_Song_At_The_Scaffold" target="_blank">The Song at the Scaffold</a>, Gertrud von le Fort - Tells the story of the martyrdom of the <a href="http://en.wikipedia.org/wiki/Martyrs_of_Compiègne" target="_blank">16 Carmelites of Compiègne</a> at the guillotine during the most intense years of the French Revolution. This book, written in 1931, inspired the play by Georges Bernanos. The work shows the virtues and weaknesses of the sisters and their spiritual growth in the face of a death they did not seek. The number of chapters varies with the edition; I guess it could be good for a <strong>14 to 16 week</strong> bookclub.</p>
<p><a href="http://www.goodreads.com/book/show/1573406.The_Secret_Of_The_Cure_D_ars" target="_blank">The Secret of the Cure D'Ars</a>, Henri Gheon - Although the definitive biography of <a href="http://en.wikipedia.org/wiki/John_Vianney" target="_blank">St. Jean-Baptiste-Marie Vianney</a>, AKA <i>"Curé d'<a title="Ars-sur-Formans" href="http://en.wikipedia.org/wiki/Ars-sur-Formans">Ars</a>"</i>, was written by Francis Trochu, Gheon's book has the advantage of being a shorter biography focused on the saint as a priest (above all, he is the patron saint of all priests), setting aside some detailed biographical aspects. Its two main disadvantages for a bookclub are that it is relatively hard to find and that its chapters are long. Depending on how the chapters are split it could be good for a <strong>20-week bookclub</strong>.</p>
<p><a href="http://www.amazon.com/Saint-Teresa-Avila-Marcelle-Auclaire/dp/0932506674/ref=sr_1_1?s=books&amp;ie=UTF8&amp;qid=1419187920&amp;sr=1-1" target="_blank">Saint Teresa of Avila</a>, Marcelle Auclaire - One of the most complete biographies of the founder of the <a href="http://en.wikipedia.org/wiki/Discalced_Carmelites" target="_blank">Discalced Carmelites</a> and mentor of <a href="http://en.wikipedia.org/wiki/John_of_the_Cross" target="_blank">St. John of the Cross</a>. In Spain during those years many saints appeared, and the book tells some of their stories, including one quote I used in a September comment: "<em>I brought the body of our Lady the Queen carefully guarded from Toledo to Granada, but to swear that it is herself, the woman whose beauty admired me so much, I dare not. […] Yes, I swear (that’s her), but I swear too never more serve a master that might die.</em>" (the Duke of Gandía, later <a href="http://en.wikipedia.org/wiki/Francis_Borgia,_4th_Duke_of_Gand%C3%ADa" target="_blank">St. Francis Borgia</a>).</p>
<p><strong>Bonus</strong></p>
<p><a href="https://www.goodreads.com/book/show/19720742-a-doctor-at-calvary" target="_blank">A Doctor at Calvary</a>, Dr. Pierre Barbet - AKA "The Passion of Our Lord Jesus Christ As Described by a Surgeon". Dr. Barbet was a French surgeon who, using forensic pathology techniques, performs a detailed virtual autopsy based on the <a href="https://www.shroud.com" target="_blank">Shroud of Turin</a> (see also the <a href="http://en.wikipedia.org/wiki/Shroud_of_Turin">Wikipedia article</a>). It would make an interesting bookclub subject for <strong>14 to 21 weeks</strong>.</p>
<p><a href="http://www.goodreads.com/book/show/19771262-vessel-of-clay" target="_blank">Vessel of Clay</a>, Fr. Leo John Trese - An hour-by-hour account of the daily life of a priest working in a rural US area: his struggles, his prayers, his meditations, the casual events of life. A very nice read and good material for a bookclub, since it is very well segmented.</p>
<p><strong>Larger books</strong></p>
<p>The 12-volume History of the Church by <a href="http://en.wikipedia.org/wiki/Daniel-Rops" target="_blank">Henri Daniel-Rops</a> - too long, ~6000 pages.</p>
Mon, 01 Dec 2014 15:19:00 +0000 http://ppaulojr.github.io/religion/2014/12/01/bookclub-suggestions.html (bookclub, Religion)

What-if-Theology: Adam refusal and consequences.
<p>In some situations, <a title="Improvised Medicine – personal recollections" href="http://nobodyreadit.wordpress.com/2014/09/10/improvised-medicine-personal-recollections/" target="_blank">like this project</a>, we have the opportunity to teach the catechism to kids, and during one of those trips to that remote place a little girl asked one of the project's volunteers an amazing question:</p>
<blockquote><p>What-if Adam had refused to eat the forbidden fruit?</p></blockquote>
<p>Adam would not have sinned, but we would have a big theological problem. I believe the answer would be part of God's revelation, but since we are in the realm of what-ifs we can be creative and try to guess at one solution.</p>
<p>Genetics would not be a solution here (unlike this paper I found on the internet on HP genetics: "<a href="http://mypocketshurt90.tumblr.com/post/27495622491/i-sent-this-paper-to-jk-rowling-explaining-how-the" target="_blank">how the wizarding gene could be singular, autosomal, and dominant</a>"), since the event happened when Eve was already an adult. It could be a mutation, but since it is a spiritual phenomenon I don't think genetics will help us.</p>
<p>The Catechism (1992) describes original sin in terms of something that was lost.</p>
<blockquote><p>"By his sin Adam, as the first man, lost the original holiness and justice he had received from God, not only for himself but for all humans."</p></blockquote>
<p>So we can use the mechanism of civil inheritance, in which the debts of the parents are discounted from the estate and not charged to the offspring. In our case the debt was charged during the lives of Adam and Eve, and they lost their property (the supernatural gifts and the <a href="http://www.catholicculture.org/culture/library/dictionary/index.cfm?id=35763" target="_blank">preternatural gifts</a>).</p>
<p>In this framework we could suppose that one effect of this asymmetrical sin would be that the descendants could still inherit from Adam, and then there would be no original sin for humankind. In other words, this would prove that Adam bears the same guilt as Eve in the original fall.</p>
<p>But to complicate things, we know that God expelled Adam and Eve from paradise, so in the what-if case we are studying only Eve would be expelled, and if she was not yet pregnant we would have no humankind. Wait! Maybe Adam could have another rib to spare! Wait again, you are going to be spanked for being gender biased! OK, but it is not my fault if I have to work with the description in Genesis.</p>
<p>And to complicate things more, Eve could have been expelled from paradise already pregnant. If she was expecting only one kid, game over, and we should consider another rib. But then there is a 1.5% probability she was expecting twins (without taking into account that twins were rarer than today); identical twins would obviously be game over too, as would same-gender fraternal twins. The only hope for the propagation of humankind would be mixed-gender fraternal twins, which gives us roughly 40% of 1.5%, or 0.6%, for Eve having the possibility of grandchildren vs. 99.4% for the extinction of humanity. <em>[There is an exception here I didn't dare to write at first, but the odds can be raised to 50.3% if you consider that having a male child, twin or not, would enable Eve to maintain the human race]</em></p>
<p>Paraphrasing Oscar Wilde, since we are already in the gutter (and maybe in some kind of heresy), why not try to see some stars. Supposing Eve left paradise pregnant with mixed-gender fraternal twins, would those kids inherit from Adam or not? Under most inheritance laws around the world they would, unless Adam died before Eve, but that would hardly happen since Adam had the preternatural gifts.</p>
<p>But Adam ate the fruit of the forbidden tree, so we can stop this what-if theological nonsense and chant with the Catholic Church at the Paschal Vigil: <i>"O felix culpa quae talem et tantum meruit habere redemptorem"</i> (O happy fault that earned for us so great, so glorious a Redeemer.)</p>
<p><strong>Note</strong>: the What-If idea was based on the <a href="http://what-if.xkcd.com" target="_blank">wonderful site by Randall Munroe</a>. Maybe we can continue this discussion with the refusal of Eve to eat.</p>
<p><strong>Disclaimer: This is not a theological piece, but a theological reasoning over an absurd situation. </strong></p>
<p><a href="https://nobodyreadit.files.wordpress.com/2014/11/the_sistine_chapel_ceiling_frescos_after_restoration_original_sin.jpg"><img class="aligncenter wp-image-59 size-medium" src="/assets/the_sistine_chapel_ceiling_frescos_after_restoration_original_sin.jpg?w=300" alt="The Sistine Chapel Ceiling Frescos After Restoration Original Sin Painting by Michelangelo Buonarroti; The Sistine Chapel Ceiling Frescos After Restoration Original Sin." width="300" height="199" /></a></p>
Sat, 08 Nov 2014 14:18:03 +0000 http://ppaulojr.github.io/religion/2014/11/08/what-if-theology-adam-refusal-and-consequences.html (Humor, probability, Religion, What-If)